At Fri, 28 Jun 2013 10:37:44 +0200, Matthias Kirschner wrote:
> I'd like to have some feedback from you. Do you agree with those points?
>
> - On most computers JavaScript is enabled by default. This gives anyone
>   a platform to play with parts of their owner's equipment.
> - From a security point of view you are lost as soon as you give an
>   adversary the opportunity to control your system.
> - Only non-active web content can guarantee that you keep control over
>   your equipment.
I strongly disagree. Any data that is interpreted has the potential to take control of the interpreter. This is true not only of JavaScript, but also of OpenOffice.org XML, PDF and FAT. Since we clearly want to read documents from people we don't trust (e.g., the NSA), then we need to design our systems and our programs to not only make it hard for data to do something (as opposed to be!) malicious, but to limit the potential damage should it succeed. This firstly requires educating developers, not users. Of course, it would be nice if the systems made this easier. For instance, whereas it is easy to drop your user id on the Hurd, this is not possible on Linux. The closest you can come is to dynamically create a new user, but this requires superuser privileges or some mediator like Plash, which is unfortunately no longer maintained.
Neal
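An added illustration of the privilege-drop step Neal's reply refers to, written for Linux and not taken from the thread: the interpreter of untrusted data runs in a forked child that tries to shed its user id first, and reports whether it managed to. The names `drop_to`, `count_records`, `parse_isolated`, the exit-code encoding and the target uid/gid 65534 are this example's own assumptions.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Irreversibly become `uid`/`gid`. Returns 0 on success, -1 (errno set) when
 * the caller lacks CAP_SETUID/CAP_SETGID, i.e. for every ordinary Linux user
 * process: the limitation the reply above points out. */
int drop_to(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) != 0) return -1;   /* shed supplementary groups */
    if (setgid(gid) != 0) return -1;          /* as root: real+effective+saved gid */
    if (setuid(uid) != 0) return -1;          /* as root: real+effective+saved uid */
    if (setuid(0) == 0) { errno = EPERM; return -1; } /* drop must be one-way */
    return 0;
}

/* Stand-in for an interpreter of untrusted data: counts newline-terminated
 * records. A real document parser would run at this same point. */
int count_records(const char *buf, size_t len) {
    int n = 0;
    for (size_t i = 0; i < len; i++) if (buf[i] == '\n') n++;
    return n;
}

/* Parse in a forked child that first tries drop_to(). Returns the record
 * count; *dropped says whether the child really ran without its original
 * identity. Exit-code encoding is this example's own: 0-127 = count after a
 * successful drop, 128+count = parsed without one (caller may reject). */
int parse_isolated(const char *buf, size_t len, uid_t uid, gid_t gid, int *dropped) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int ok = drop_to(uid, gid) == 0;
        int n = count_records(buf, len) & 127;
        _exit(ok ? n : 128 + n);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    *dropped = WEXITSTATUS(status) < 128;
    return WEXITSTATUS(status) & 127;
}

int main(void) {
    const char sample[] = "alpha\nbeta\ngamma\n";   /* constructed untrusted input */
    int dropped = 0, n = parse_isolated(sample, sizeof sample - 1, 65534, 65534, &dropped);
    printf("records=%d isolated=%s\n", n, dropped ? "yes" : "no: unprivileged, cannot change uid");
    return 0;
}
```

Run as an ordinary user the child cannot change its uid and the input is parsed unisolated (reported as `isolated=no`); run as root it is parsed as uid 65534 and the attempt to return to uid 0 fails.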